pes2013[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

pes2013.exe
Size

19.0MB
MD5

c2d11194316b9fe6e0c0b6599bfc7bb0
SHA1

47c98a144ab48d327d969d5e1dfe8e29e5b5f29e
SHA256

329fa5fb45e4087352c8ba783b0dfa5e44823ba4168c3acccddc02f73daf1820
SHA512

76c6eba54714743c018181e884758d627f483e36693aaf63e8f0382b32ff53da2b4ec2333d1f7d61256776dea8ee1d10d19863e9cd1207085d506a9770c7cfd7
SSDEEP

393216:8P0RmWLJ/DGhnkrPrjysQPRyjhfN0lMCZxXFkGd4wXpHn62B88Xd+ECU41nnFG:lmWLJ/Snkrz+rPRyZN0aCXXFke4o962v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pes2013.exe

Files

pes2013.exe
.exe windows x86

0b6b3c8d3fde3577bd61695dd8f9f48a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

ddraw

DirectDrawCreate

dsound

ord12
ord11
ord2

kernel32

CreateDirectoryW
SetWaitableTimer
WaitForSingleObject
CancelWaitableTimer
SetThreadPriority
RaiseException
CreateWaitableTimerA
ResumeThread
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
GetCommandLineA
GetStartupInfoA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
ExitThread
CreateThread
RtlUnwind
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
HeapSize
HeapAlloc
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
ReadFile
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetLocaleInfoW
SetFilePointer
CreateDirectoryA
SetStdHandle
Sleep
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileSize
FindFirstFileA
RemoveDirectoryA
FindClose
MoveFileA
FindNextFileA
DeleteFileA
GetFileAttributesExA
CreateFileW
SetFileAttributesA
GetFileAttributesExW
SetFileAttributesW
InterlockedCompareExchange
InterlockedExchangeAdd
TryEnterCriticalSection
CreateSemaphoreA
ReleaseSemaphore
SetErrorMode
SuspendThread
SetFileTime
CreateEventA
GetFullPathNameA
SetEvent
GetThreadPriority
ResetEvent
GetExitCodeThread
GetFileAttributesA
CloseHandle
GetVersionExA
ReleaseMutex
QueryPerformanceFrequency
GetProcessAffinityMask
CreateMutexA
GetModuleHandleA
GetLocalTime
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
lstrcatA
lstrcpyA
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetFullPathNameW
GetCurrentDirectoryA
GetExitCodeProcess
CreateProcessA
GetDriveTypeA
SignalObjectAndWait
GetSystemDirectoryA
FindResourceA
WideCharToMultiByte
QueryPerformanceCounter
GetSystemInfo
SetCurrentDirectoryW
GetLastError
GetCurrentProcess
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalMemoryStatus
CreateFileA
GetFileAttributesW
LoadLibraryA
GetProcAddress
LocalAlloc
FindNextFileW
DeleteFileW
CopyFileW
GetTempPathW
GetFileSizeEx
FreeLibrary
MultiByteToWideChar
SetThreadExecutionState
SizeofResource
WriteConsoleA
LoadResource
GetDiskFreeSpaceExW
GetStringTypeA
SetThreadAffinityMask
GetLogicalDriveStringsW

user32

RegisterDeviceNotificationA
GetWindowRect
IsIconic
AttachThreadInput
GetMonitorInfoA
RedrawWindow
DrawMenuBar
SystemParametersInfoA
GetWindowThreadProcessId
MonitorFromRect
EndPaint
SetCursor
GetMessageA
RegisterClassExA
PostQuitMessage
SetForegroundWindow
LoadIconA
GetClientRect
SetFocus
BeginPaint
TranslateMessage
MessageBoxA
GetForegroundWindow
SetWindowLongA
InvalidateRect
UnregisterClassA
GetWindowLongA
CreateWindowExA
PeekMessageA
TranslateAcceleratorA
GetCursorPos
ShowWindow
DispatchMessageA
AdjustWindowRectEx
UpdateWindow
ScreenToClient
SetWindowPos
EnumDisplaySettingsA
GetDC
ReleaseDC
ShowCursor
GetKeyboardLayout
DefWindowProcA
GetActiveWindow
PostMessageA
MessageBoxW
GetSystemMetrics
CallWindowProcA
GetDoubleClickTime

gdi32

GetDeviceCaps
GetStockObject

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptImportKey
CryptGetHashParam
CryptSetHashParam
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

shell32

SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListW
SHGetFileInfoW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree

d3dx9_30

D3DXGetImageInfoFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXAssembleShader
D3DXCompileShader
D3DXGetShaderConstantTable
D3DXGetVertexShaderProfile
D3DXCreateTexture
D3DXLoadSurfaceFromMemory
D3DXLoadVolumeFromMemory
D3DXGetPixelShaderProfile
D3DXCreateVolumeTexture
D3DXCreateCubeTexture

winmm

timeKillEvent
timeSetEvent
timeGetSystemTime
timeBeginPeriod
timeGetTime

imm32

ImmGetContext
ImmAssociateContext

dinput8

DirectInput8Create

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetSetStatusCallback
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetReadFileExA
InternetConnectA
HttpQueryInfoA

winhttp

WinHttpCheckPlatform
WinHttpReadData
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpReceiveResponse

iphlpapi

GetIpAddrTable
SetIpForwardEntry
GetBestRoute
GetIpForwardTable
GetAdaptersInfo
GetNetworkParams
GetIfEntry
GetBestInterface
GetAdaptersAddresses

oleaut32

SysStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PSFD00
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 993KB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OUOjziG
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b6b3c8d3fde3577bd61695dd8f9f48a

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

ddraw

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

d3dx9_30

winmm

imm32

dinput8

wininet

winhttp

iphlpapi

oleaut32

Sections

.text Size: 15.8MB - Virtual size: 15.8MB

PSFD00 Size: 7KB - Virtual size: 7KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 993KB - Virtual size: 6.5MB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 160KB - Virtual size: 160KB

.OUOjziG Size: 228KB - Virtual size: 228KB

.text
Size: 15.8MB - Virtual size: 15.8MB

PSFD00
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 993KB - Virtual size: 6.5MB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 160KB - Virtual size: 160KB

.OUOjziG
Size: 228KB - Virtual size: 228KB